Skip to content

Commit

Permalink
Added notes in gitian-signing for optionally generating SHA256SUMS
Browse files Browse the repository at this point in the history 
Summary:
We did this for the 0.18.0 release, so I'm recording the process here.
I marked it as optional as this is already being supersceded by signing the binaries
individually so that automatic sig verification can be applied.

Test Plan: I did this for the 0.18.0 release

Reviewers: deadalnix, schancel, Mengerian, #bitcoin_abc

Reviewed By: schancel, #bitcoin_abc

Subscribers: teamcity

Differential Revision: https://reviews.bitcoinabc.org/D1664
  • Loading branch information
@jasonbcox
jasonbcox committed Aug 22, 2018
1 parent d5e0d07 commit 23f4c8f
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions doc/gitian-signing.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,26 @@ with the siginging process and that it's unacceptable to blindly sign builds.

## Sign your gitian builds

### Sign your gitian builds individually

TODO: Add scripts and instructions for checking for revoked keys and signing builds.
For now, refer to `contrib/check-keys.sh` for retrieving all signing keys.

### Sign your gitian builds under a single SHA256SUMS file (optional)

These steps are optional, but makes sharing the build signatures easier.

1. After building all binaries using gitian, collect the hashes for the builds
you care to sign. Exclude any debug binaries, unsigned builds, or metadata
files that are built as part of the gitian process, but be sure to include
the source used to generate the binaries. These hashes will look something
like this:

8bc4becb83b532d3be841438e6145372a8bce8f37e087dbffb2aedaee985c0e4 bitcoin-abc-0.18.0-aarch64-linux-gnu.tar.gz
deb3d15d6ccbce4725f0e0dc892931bfdcbcfa7ccbd35846ccbde90572248bed bitcoin-abc-0.18.0-arm-linux-gnueabihf.tar.gz
79a2bff6109307fd64a569270eeb1259cb6bba53ff609af4e5340d13e25e80b8 bitcoin-abc-0.18.0-i686-pc-linux-gnu.tar.gz
f40ba895f21270d3a038361f9b2baed68df2688eaa01ad531b4ee29ee205cb98 bitcoin-abc-0.18.0-x86_64-linux-gnu.tar.gz
11dc3ba7f193c70879b3fc3cc716fde56880dfebfab8bb556b7a355b2e64f09d src/bitcoin-abc-0.18.0.tar.gz
b83a25ad9050e7566fc6b4f5e33a78d71a39fd7d2f15e7143a37ffd37d501a17 bitcoin-abc-0.18.0-osx64.tar.gz
2. Save those hashes into `SHA256SUMS.0.x.0` where x is the version number.
3. `gpg --armor --clearsign --output SHA256SUMS.0.x.0.asc --sign SHA256SUMS`

0 comments on commit 23f4c8f

Please sign in to comment.